<?php
	require_once('database.class.php');
	
	class User
	{
		private static $firstname,$lastname,$mail,$login,$isAdmin;
		private static $database;
		private static function setData($login='',$firstname='',$lastname='',$mail='',$isAdmin=false)
		{
			self::$login = $_SESSION['login'] = $login;
			self::$firstname = $_SESSION['firstname'] = $firstname;
			self::$lastname = $_SESSION['lastname'] = $lastname;
			self::$mail = $_SESSION['mail'] = $mail;
			self::$isAdmin = $_SESSION['isAdmin'] = $isAdmin;
		}
		
		static function start()
		{
			@session_start();
			self::$login = $_SESSION['login'];
			self::$firstname = $_SESSION['firstname'];
			self::$lastname = $_SESSION['lastname'];
			self::$mail = $_SESSION['mail'];
			self::$isAdmin = $_SESSION['isAdmin'];
		}
		
		static function loginAs($user, $pass)
		{
			self::$database = new Database();
			$res = self::$database->query("SELECT login,imie,nazwisko,mail,czy_admin FROM uzytkownicy WHERE login='$user' AND hash=md5(md5('$pass')||md5('$pass'||salt)) AND czy_aktywny=true");
			if(count($res) != 1) throw new Exception('Błędny login/hasło.',-1);
			else ($res = $res[0]);
			self::setData($res['login'],$res['imie'],$res['nazwisko'],$res['mail'],$res['czy_admin']=='t');		
		}
		static function logout()
		{
			self::setData();
		}
		static function getLogin()
		{
			return self::$login;
		}
		static function isAdmin()
		{
			return self::$isAdmin;
		}
		static function isLoggedIn()
		{
			return self::$login != '';
		}
		static function loginForm()
		{
			if(self::isLoggedIn())
			{
				if(self::isAdmin()) $image = '<img src="images/user_gray.png"/>';
				else $image = '<img src="images/user.png"/>';
				$loginform = '<span>'.$image.self::$firstname.' '.self::$lastname.' :: <a href="login.php?logout=yes"><img src="images/door_in.png"/>Wyloguj</a></span>';
			}
			else
			{
				$loginform = '<form id="loginform" method="post" action="login.php">Login: <input type="text" name="user" /> Hasło: <input type="password" name="pass" /> <input type="submit" value="OK" /></form>';
			}
			return $loginform;
		}/*
		function listUsers()
		{
			if(!$this->isAdmin()) return false;
			global $database;
			$this->mysqli = new mysqli($database['host'],$database['user'],$database['pass'],$database['dbname']);
			if (mysqli_connect_error()) throw new Exception(make_exception_message(E_DB_CONN),E_DB_CONN);
			if (!$this->mysqli->query('SET NAMES \'utf8\'')) throw new Exception(make_exception_message(E_DB_QUERY),E_DB_QUERY);
			$res = $this->mysqli->query('SELECT uid,username,fullname FROM uzytkownicy');
			if (!$res) throw new Exception(make_exception_message(E_DB_QUERY),E_DB_QUERY);
			while($a = $res->fetch_assoc()) $result[] = $a;
			return $result;
		}
		function deleteUser($uid)
		{
			if(!$this->isAdmin()) throw new Exception('Nie jesteś adminem!');
			if($this->getUID()==$uid) throw new Exception('Nie możesz usunąć siebie!');
			global $database;
			$this->mysqli = new mysqli($database['host'],$database['user'],$database['pass'],$database['dbname']);
			if (mysqli_connect_error()) throw new Exception(make_exception_message(E_DB_CONN),E_DB_CONN);
			if (!$this->mysqli->query('SET NAMES \'utf8\'')) throw new Exception(make_exception_message(E_DB_QUERY),E_DB_QUERY);
			$res = $this->mysqli->query('DELETE FROM uzytkownicy WHERE uid='.intval($uid));
			if (!$res) throw new Exception(make_exception_message(E_DB_QUERY),E_DB_QUERY);
			return true;
		}
		function addUser($login,$pass,$full)
		{
			if(!$this->isAdmin()) throw new Exception('Nie jesteś adminem!');
			global $database;
			$this->mysqli = new mysqli($database['host'],$database['user'],$database['pass'],$database['dbname']);
			if (mysqli_connect_error()) throw new Exception(make_exception_message(E_DB_CONN),E_DB_CONN);
			if (!$this->mysqli->query('SET NAMES \'utf8\'')) throw new Exception(make_exception_message(E_DB_QUERY),E_DB_QUERY);
			$res = $this->mysqli->query('INSERT INTO uzytkownicy VALUES(null,\''.$login.'\',\''.md5($pass).'\',\''.$full.'\')');
			if (!$res) throw new Exception(make_exception_message(E_DB_QUERY),E_DB_QUERY);
			return true;
		}*/
	}
?>